This is an automated email from the ASF dual-hosted git repository.
abhay pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new fc942a2 RANGER-3295: Update Ranger Policy Engine capability matrix
fc942a2 is described below
commit fc942a2c014e108ddc0e5265a1ae9f0162738da5
Author: Abhay Kulkarni <[email protected]>
AuthorDate: Mon May 24 16:43:22 2021 -0700
RANGER-3295: Update Ranger Policy Engine capability matrix
---
.../ranger/plugin/util/RangerPluginCapability.java | 27 +++++++++++++++++-----
.../plugin/test_plugin_capability.json | 4 ++--
2 files changed, 23 insertions(+), 8 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java
index 53e1a9b..b2cecc1 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPluginCapability.java
@@ -28,11 +28,11 @@ import java.util.List;
public class RangerPluginCapability {
/*
- - tag-policies
+ - tag-policies
- allowExceptions/deny/denyExceptions
- masking/row-filtering
- Macros - like ${USER}
- - tag-based masking/row-filtering
+ - tag-based masking/row-filtering
- audit mode support
- service-def changes - isValidLeaf
- validity periods
@@ -42,6 +42,11 @@ public class RangerPluginCapability {
- deny AllElse policies
- roles
- role download timer
+ - Audit-excluded-users
+ - Chained plugins
+ - Super-user permission
+ - UserStore download
+ - Audit-policies
*/
private final long pluginCapabilities;
private static final String baseRangerCapabilities =
computeBaseCapabilities();
@@ -59,9 +64,14 @@ public class RangerPluginCapability {
RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION("Policy-level
Condition"),
RANGER_PLUGIN_CAPABILITY_DENY_ALL_ELSE_POLICY("Deny-all-else Policy"),
RANGER_PLUGIN_CAPABILITY_ROLE("Role"),
- RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER("Role Timer");
-
- private String name;
+ RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER("Role Timer"),
+ RANGER_PLUGIN_CAPABILITY_AUDIT_EXCLUDED_USERS("Audit-Excluded Users"),
+ RANGER_PLUGIN_CAPABILITY_CHAINED_PLUGINS("Chained Plugins"),
+ RANGER_PLUGIN_CAPABILITY_SUPERUSER_PERMISSIONS("Super-user
Permissions"),
+ RANGER_PLUGIN_CAPABILITY_USERSTORE_DOWNLOAD("UserStore Download"),
+ RANGER_PLUGIN_CAPABILITY_AUDIT_POLICY("Audit Policy");
+
+ private final String name;
RangerPluginFeature(String name) {
this.name = name;
}
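Review bot: The five constants appended after `RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER` have no comment saying that their position in the enum matters. `pluginCapabilities` is a `long` that computeBaseCapabilities() renders with `Long.toHexString`, which suggests each feature maps to one bit, presumably by declaration order, although that mapping is outside this hunk and should be confirmed. If so, inserting or reordering a constant would silently change how a peer built against the older enum reads every later capability, including the deny-all-else and audit-policy ones. I would add above the enum a comment such as `// Append only: declaration order is assumed to fix each capability's bit; never reorder or remove, and stay within 64 entries.` The enum body starts before this hunk.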
@@ -160,7 +170,12 @@ public class RangerPluginCapability {
,
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION.getName()
,
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_DENY_ALL_ELSE_POLICY.getName()
, RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_ROLE.getName()
- ,
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER.getName());
+ ,
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER.getName()
+ ,
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_AUDIT_EXCLUDED_USERS.getName()
+ ,
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_CHAINED_PLUGINS.getName()
+ ,
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_SUPERUSER_PERMISSIONS.getName()
+ ,
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_USERSTORE_DOWNLOAD.getName()
+ ,
RangerPluginFeature.RANGER_PLUGIN_CAPABILITY_AUDIT_POLICY.getName());
return Long.toHexString(new
RangerPluginCapability(baseCapabilities).getPluginCapabilities());
}
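Review bot: The name list in computeBaseCapabilities() must be extended by hand for every new RangerPluginFeature constant, so a constant that is added to the enum but forgotten here would be left out of `baseRangerCapabilities` with no compile error. If every feature is meant to belong to the base set, as the list after this change suggests, deriving it from the enum removes that drift: `for (RangerPluginFeature f : RangerPluginFeature.values()) { baseCapabilities.add(f.getName()); }` on a mutable list. The method begins outside the hunk, so how `baseCapabilities` is declared is not visible here and the loop may need adapting to it.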
diff --git
a/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json
b/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json
index a9f741b..b968743 100644
---
a/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json
+++
b/agents-common/src/test/resources/policyengine/plugin/test_plugin_capability.json
@@ -21,14 +21,14 @@
{
"name": "Using all existing capabilities",
"myCapabilities": [],
- "otherCapabilities": ["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES",
"RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER","RANGER_PLUGIN_CAPABILITY_MASKING_AND_ROW_FILTERING",
"RANGER_PLUGIN_CAPABILITY_MACROS", "RANGER_PLUGIN_CAPABILITY_AUDIT_MODE",
"RANGER_PLUGIN_CAPABILITY_RESOURCE_IS_VALID_LEAF",
"RANGER_PLUGIN_CAPABILITY_VALIDITY_PERIOD",
"RANGER_PLUGIN_CAPABILITY_POLICY_PRIORITY","RANGER_PLUGIN_CAPABILITY_SECURITY_ZONE","RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION",
"RANGER_PLUGIN_CAP [...]
+ "otherCapabilities":
["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES","RANGER_PLUGIN_CAPABILITY_MASKING_AND_ROW_FILTERING",
"RANGER_PLUGIN_CAPABILITY_MACROS", "RANGER_PLUGIN_CAPABILITY_AUDIT_MODE",
"RANGER_PLUGIN_CAPABILITY_RESOURCE_IS_VALID_LEAF",
"RANGER_PLUGIN_CAPABILITY_VALIDITY_PERIOD",
"RANGER_PLUGIN_CAPABILITY_POLICY_PRIORITY","RANGER_PLUGIN_CAPABILITY_SECURITY_ZONE","RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION",
"RANGER_PLUGIN_CAPABILITY_DENY_ALL_ELSE_POLICY","RANGER_PLUGIN_CAP [...]
"difference": []
},
{
"name": "Using all existing capabilities, other has fewer",
"myCapabilities": [],
"otherCapabilities":
["RANGER_PLUGIN_CAPABILITY_ROLE_DOWNLOAD_TIMER","RANGER_PLUGIN_CAPABILITY_MASKING_AND_ROW_FILTERING",
"RANGER_PLUGIN_CAPABILITY_MACROS", "RANGER_PLUGIN_CAPABILITY_AUDIT_MODE",
"RANGER_PLUGIN_CAPABILITY_RESOURCE_IS_VALID_LEAF",
"RANGER_PLUGIN_CAPABILITY_VALIDITY_PERIOD",
"RANGER_PLUGIN_CAPABILITY_POLICY_PRIORITY","RANGER_PLUGIN_CAPABILITY_SECURITY_ZONE","RANGER_PLUGIN_CAPABILITY_POLICY_LEVEL_CONDITION",
"RANGER_PLUGIN_CAPABILITY_DENY_ALL_ELSE_POLICY","RANGER_PLU [...]
- "difference": ["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES"]
+ "difference": ["RANGER_PLUGIN_CAPABILITY_TAG_POLICIES",
"RANGER_PLUGIN_CAPABILITY_AUDIT_EXCLUDED_USERS",
"RANGER_PLUGIN_CAPABILITY_CHAINED_PLUGINS",
"RANGER_PLUGIN_CAPABILITY_SUPERUSER_PERMISSIONS",
"RANGER_PLUGIN_CAPABILITY_USERSTORE_DOWNLOAD",
"RANGER_PLUGIN_CAPABILITY_AUDIT_POLICY"]
}
]
}
\ No newline at end of file